CVE-2025-13278

Published
View on NVD ↗
CVSS v3
6.3
MEDIUM
CVSS v2
6.5
MEDIUM
Affected
1
PROJECT

Description

A vulnerability has been found in projectworlds Advanced Library Management System 1.0. Impacted is an unknown function of the file /borrowed_book_search.php. Such manipulation of the argument datefrom/dateto leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CH0ico/CVE_choco_1
CH0ico/CVE_choco_1
During the security review of "Advanced Library Management System", discovered a critical SQL injection vulnerability in the "borrowed_book_search.php" file.
GitHubGitHub